WHATSAPP DOES NOT FULLY DELETE USERS’ MESSAGES RESEARCHER REVEALS
WhatsApp does not completely remove users’ messages when they are deleted, according to a security researcher. Jonathan Zdziarski found that the popular app stores a “forensic trace” of messages on iPhones even after they have been deleted with in-app functions.
The messages no longer appear within the app itself, but could be recovered by somebody with access to the device and data forensics tools.
“Sorry, folks, while experts are saying the encryption checks out in WhatsApp, it looks like the latest version of the app tested leaves forensic trace of all of your chats, even after you’ve deleted, cleared or archived them… even if you ‘Clear All Chats’,” he said in a blog post. “In fact, the only way to get rid of them appears to be to delete the app entirely.”
Zdziarski explained that the developers do not seem to have done this deliberately, but that deleted messages are not purged or erased from the app’s database, leaving traces that can be recovered and read by those with the right knowhow.
He added that the issue is not unique to WhatsApp. In fact, it is “just as bad, if not worse” in Apple’s iMessage app, which keeps copies of its message database – including deleted content – across iCloud and all connected iPhones, iPads and Macs.
WhatsApp’s database is also copied to iCloud during backups, Zdziarski said, meaning law enforcement and hackers could potentially get hold of it without the original device.
While all this might sound dramatic, he insisted there was no need for users of the app to panic. Instead, he said, they should simply be aware of the footprint it leaves behind.
Instead, he recommended that they use long, complex passwords on their phones, periodically delete and reinstall WhatsApp to start with a fresh database and potentially even disable iCloud backups to confine the database to their devices.